Merge remote-tracking branch 'upstream/master' into em4x70-auth

Christian Molson 2020-12-12 10:00:22 -05:00
commit 13268df9c3
31 changed files with 389 additions and 381 deletions


@ -88,7 +88,7 @@ static int get_input_data_from_file(uint32_t *words, char *inputfile) {
uint32_t size = size_in_spiffs(inputfile);
uint8_t *mem = BigBuf_malloc(size);
Dbprintf(_YELLOW_("found input file %s"), inputfile);
rdv40_spiffs_read_as_filetype(inputfile, mem, size, RDV40_SPIFFS_SAFETY_SAFE);
@ -153,7 +153,7 @@ void RunMod(void) {
if (button_pressed == BUTTON_SINGLE_CLICK) {
SpinUp(100);
switch (state) {
case STATE_SIM:
@ -168,7 +168,7 @@ void RunMod(void) {
default:
break;
}
state_change = true;
} else if (button_pressed == BUTTON_HOLD) {
@ -261,9 +261,9 @@ void RunMod(void) {
log_exists = exists_in_spiffs(LF_EM4X50BRUTE_LOGFILE);
now = get_input_data_from_file(passwords, LF_EM4X50BRUTE_INPUTFILE);
if (now == 2) {
// print some information
int no_iter = passwords[1] - passwords[0] + 1;
int dur_s = no_iter / EM4X50_PWD_SPEED;
@ -277,7 +277,7 @@ void RunMod(void) {
no_iter, passwords[0], passwords[1]);
Dbprintf(_YELLOW_("estimated duration: %ih%im%is"),
dur_h, dur_m, dur_s);
} else {
Dbprintf(_RED_("error in input data"));
break;
@ -287,7 +287,7 @@ void RunMod(void) {
}
pwd_found = em4x50_standalone_brute(passwords[0], passwords[1], &pwd);
if (pwd_found == PM3_ETIMEOUT) {
// timeout -> no EM4x50 tag on reader?
@ -313,15 +313,15 @@ void RunMod(void) {
strcat((char *)entry, "\n");
append(LF_EM4X50BRUTE_LOGFILE, entry, strlen((char *)entry));
} else {
// stopped -> write to logfile
sprintf((char *)entry, "stopped search - last password: 0x%08"PRIx32, pwd);
Dbprintf(_YELLOW_("%s"), entry);
strcat((char *)entry, "\n");
append(LF_EM4X50BRUTE_LOGFILE, entry, strlen((char *)entry));
// replace start password by last tested password in
// inputfile (spiffs) so that brute forcing process will
// be continued when envoking brute force mode again


@ -37,11 +37,11 @@
#define EM4X50_T_TAG_WAITING_FOR_SIGNAL 75
#define EM4X50_T_WAITING_FOR_DBLLIW 1550
#define EM4X50_T_WAITING_FOR_SNGLLIW 140 // this value seems to be
// critical;
// if it's too low
// (e.g. < 120) some cards
// are no longer readable
// although they're ok
// critical;
// if it's too low
// (e.g. < 120) some cards
// are no longer readable
// although they're ok
#define EM4X50_TAG_TOLERANCE 8
#define EM4X50_TAG_WORD 45
@ -65,18 +65,18 @@ static void wait_timer(uint32_t period) {
// extract and check parities
// return result of parity check and extracted plain data
static bool extract_parities(uint64_t word, uint32_t *data) {
uint8_t row_parities = 0x0, col_parities = 0x0;
uint8_t row_parities_calculated = 0x0, col_parities_calculated = 0x0;
*data = 0x0;
// extract plain data (32 bits) from raw word (45 bits)
for (int i = 0; i < 4; i++) {
*data <<= 8;
*data |= (word >> ((4 - i) * 9 + 1)) & 0xFF;
}
// extract row parities (4 bits + stop bit) from raw word (45 bits)
for (int i = 0; i < 5; i++) {
row_parities <<= 1;
@ -106,7 +106,7 @@ static bool extract_parities(uint64_t word, uint32_t *data) {
col_parities_calculated ^= (*data >> ((3 - j) * 8 + (7 - i))) & 0x1;
}
}
if ((row_parities == row_parities_calculated) && (col_parities == col_parities_calculated))
return true;
@ -191,7 +191,7 @@ static bool get_signalproperties(void) {
// about 2 samples per bit period
wait_timer(T0 * EM4X50_T_TAG_HALF_PERIOD);
// ignore first samples
if ((i > SIGNAL_IGNORE_FIRST_SAMPLES) && (AT91C_BASE_SSC->SSC_RHR > noise)) {
signal_found = true;
@ -229,7 +229,7 @@ static bool get_signalproperties(void) {
gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100;
LED_A_OFF();
return true;
}
@ -290,7 +290,7 @@ static uint32_t get_pulse_length(void) {
// check if pulse length <pl> corresponds to given length <length>
static bool check_pulse_length(uint32_t pl, int length) {
return ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) && (pl <= T0 * (length + EM4X50_TAG_TOLERANCE)));
return ((pl >= T0 * (length - EM4X50_TAG_TOLERANCE)) && (pl <= T0 * (length + EM4X50_TAG_TOLERANCE)));
}
// send single bit according to EM4x50 application note and datasheet
@ -346,12 +346,12 @@ static void em4x50_reader_send_byte_with_parity(uint8_t byte) {
// word hast be sent in msb notation
static void em4x50_reader_send_word(const uint32_t word) {
uint8_t bytes[4] = {0x0, 0x0, 0x0, 0x0};
for (int i = 0; i < 4; i++) {
bytes[i] = (word >> (24 - (8 * i))) & 0xFF;
em4x50_reader_send_byte_with_parity(bytes[i]);
}
// send column parities
em4x50_reader_send_byte(bytes[0] ^ bytes[1] ^ bytes[2] ^ bytes[3]);
@ -362,7 +362,7 @@ static void em4x50_reader_send_word(const uint32_t word) {
// find single listen window
static bool find_single_listen_window(void) {
int cnt_pulses = 0;
LED_B_ON();
while (cnt_pulses < EM4X50_T_WAITING_FOR_SNGLLIW) {
@ -392,7 +392,7 @@ static bool find_single_listen_window(void) {
// -> 34 words + 34 single listen windows -> about 1600 pulses
static int find_double_listen_window(bool bcommand) {
int cnt_pulses = 0;
LED_B_ON();
while (cnt_pulses < EM4X50_T_WAITING_FOR_DBLLIW) {
@ -452,7 +452,7 @@ static int find_double_listen_window(bool bcommand) {
cnt_pulses++;
}
LED_B_OFF();
LED_B_OFF();
return PM3_EFAILED;
}
@ -480,7 +480,7 @@ static bool check_ack(bool bliw) {
if (BUTTON_PRESS())
return false;
if (check_pulse_length(get_pulse_length(), 2 * EM4X50_T_TAG_FULL_PERIOD)) {
// The received signal is either ACK or NAK.
@ -531,9 +531,9 @@ static int get_word_from_bitstream(uint32_t *data) {
int cnt = 0;
uint32_t pl = 0;
uint64_t word = 0x0;
LED_C_ON();
*data = 0x0;
// initial bit value depends on last pulse length of listen window
@ -561,7 +561,7 @@ static int get_word_from_bitstream(uint32_t *data) {
cnt++;
word <<= 1;
pl = get_pulse_length();
if (check_pulse_length(pl, EM4X50_T_TAG_FULL_PERIOD)) {
@ -612,9 +612,9 @@ static int get_word_from_bitstream(uint32_t *data) {
return (extract_parities(word, data)) ? --cnt : 0;
}
}
LED_C_OFF();
return PM3_EOPABORTED;
}
@ -696,7 +696,7 @@ bool em4x50_sim_send_word(uint32_t word) {
// word has tobe sent in msb, not lsb
word = reflect32(word);
// 4 bytes each with even row parity bit
for (int i = 0; i < 4; i++) {
if (em4x50_sim_send_byte_with_parity((word >> ((3 - i) * 8)) & 0xFF) == false) {
@ -776,7 +776,7 @@ static bool login(uint32_t password) {
// send password
em4x50_reader_send_word(password);
wait_timer(T0 * EM4X50_T_TAG_TPP);
// check if ACK is returned
@ -799,7 +799,7 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
for (*pwd = start; *pwd <= stop; (*pwd)++) {
if (login(*pwd) == PM3_SUCCESS) {
pwd_found = true;
// to be safe login 5 more times
@ -809,11 +809,11 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
break;
}
}
if (pwd_found)
break;
}
// print password every 500 iterations
if ((++cnt % 500) == 0) {
@ -827,10 +827,10 @@ static bool brute(uint32_t start, uint32_t stop, uint32_t *pwd) {
// print data
Dbprintf("|%8i | 0x%08x | 0x%08x |", cnt, reflect32(*pwd), *pwd);
}
if (BUTTON_PRESS())
break;
}
// print footer
@ -852,7 +852,7 @@ void em4x50_login(uint32_t *password) {
reply_ng(CMD_LF_EM4X50_LOGIN, status, NULL, 0);
}
// envoke password search
// envoke password search
void em4x50_brute(em4x50_data_t *etd) {
em4x50_setup_read();
@ -903,7 +903,7 @@ void em4x50_chk(uint8_t *filename) {
pwd = 0x0;
for (int j = 0; j < 4; j++)
pwd |= (*(pwds + 4 * i + j)) << ((3 - j) * 8);
if ((status = login(pwd)) == PM3_SUCCESS)
break;
}
@ -1063,7 +1063,7 @@ void em4x50_reader(void) {
// writes <word> to specified <addresses>
static int write(uint32_t word, uint32_t addresses) {
if (request_receive_mode() == PM3_SUCCESS) {
// send write command
@ -1079,7 +1079,7 @@ static int write(uint32_t word, uint32_t addresses) {
reply_ng(CMD_LF_EM4X50_WRITE, PM3_ETEAROFF, NULL, 0);
return PM3_ETEAROFF;
} else {
// wait for T0 * EM4X50_T_TAG_TWA (write access time)
wait_timer(T0 * EM4X50_T_TAG_TWA);
@ -1175,7 +1175,7 @@ void em4x50_write(em4x50_data_t *etd) {
// if password is given renew login after reset
if (etd->pwd_given)
status = login(etd->password1);
if (status == PM3_SUCCESS) {
// call a selective read
@ -1225,11 +1225,11 @@ void em4x50_sim(uint8_t *filename) {
int status = PM3_SUCCESS;
uint8_t *em4x50_mem = BigBuf_get_EM_addr();
uint32_t words[EM4X50_NO_WORDS] = {0x0};
#ifdef WITH_FLASH
if (strlen((char *)filename) != 0) {
BigBuf_free();
int changed = rdv40_spiffs_lazy_mount();
@ -1246,7 +1246,7 @@ void em4x50_sim(uint8_t *filename) {
for (int i = 0; i < EM4X50_NO_WORDS; i++)
words[i] = reflect32(bytes_to_num(em4x50_mem + (i * 4), 4));
// only if valid em4x50 data (e.g. uid == serial)
if (words[EM4X50_DEVICE_SERIAL] != words[EM4X50_DEVICE_ID]) {
@ -1261,7 +1261,7 @@ void em4x50_sim(uint8_t *filename) {
// iceman, will need a usb cmd check to break as well
while (BUTTON_PRESS() == false) {
WDT_HIT();
em4x50_sim_send_listen_window();
for (int i = fwr; i <= lwr; i++) {
@ -1277,7 +1277,7 @@ void em4x50_sim(uint8_t *filename) {
} else {
status = PM3_ENODATA;
}
BigBuf_free();
lf_finalize();
reply_ng(CMD_LF_EM4X50_SIM, status, NULL, 0);
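Review bot: In `brute`, the loop `for (*pwd = start; *pwd <= stop; (*pwd)++)` cannot end through its own condition when `stop` is 0xFFFFFFFF, because `*pwd` is a `uint32_t` and the increment wraps to 0, so the search starts again from the bottom of the range until a login succeeds or the button is pressed. Ending the loop body with `if (*pwd == stop) break;` keeps the inclusive upper bound without depending on a comparison that is always true at the top of the range. The loop body continues outside the visible hunks, so the exact placement needs checking against the full function; the reformatting in this commit leaves the loop as it was.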


@ -70,7 +70,7 @@ static int em4x70_receive(uint8_t *bits);
static bool find_listen_window(bool command);
static void init_tag(void) {
memset(tag.data, 0x00, sizeof(tag.data)/sizeof(tag.data[0]));
memset(tag.data, 0x00, sizeof(tag.data) / sizeof(tag.data[0]));
}
static void EM4170_setup_read(void) {
@ -114,7 +114,7 @@ static bool get_signalproperties(void) {
uint8_t sample_max_mean = 0;
uint8_t sample_max[no_periods];
uint32_t sample_max_sum = 0;
memset(sample_max, 0x00, sizeof(sample_max));
// wait until signal/noise > 1 (max. 32 periods)
@ -158,7 +158,7 @@ static bool get_signalproperties(void) {
gLow = sample_ref - pct * (sample_max_mean - sample_ref) / 100;
// Basic sanity check
if(gHigh - gLow < EM4X70_MIN_AMPLITUDE) {
if (gHigh - gLow < EM4X70_MIN_AMPLITUDE) {
return false;
}
@ -168,9 +168,9 @@ static bool get_signalproperties(void) {
/**
* get_pulse_length
*
*
* Times falling edge pulses
*/
*/
static uint32_t get_pulse_length(void) {
uint8_t sample;
@ -178,7 +178,7 @@ static uint32_t get_pulse_length(void) {
do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
} while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout))
return 0;
@ -188,7 +188,7 @@ static uint32_t get_pulse_length(void) {
do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
} while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout))
return 0;
@ -196,7 +196,7 @@ static uint32_t get_pulse_length(void) {
timeout = (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD) + GetTicks();
do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
} while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout))
return 0;
@ -206,10 +206,10 @@ static uint32_t get_pulse_length(void) {
/**
* get_pulse_invert_length
*
*
* Times rising edge pules
* TODO: convert to single function with get_pulse_length()
*/
*/
static uint32_t get_pulse_invert_length(void) {
uint8_t sample;
@ -217,7 +217,7 @@ static uint32_t get_pulse_invert_length(void) {
do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
} while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout))
return 0;
@ -227,7 +227,7 @@ static uint32_t get_pulse_invert_length(void) {
do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
} while (IS_HIGH(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout))
return 0;
@ -235,7 +235,7 @@ static uint32_t get_pulse_invert_length(void) {
timeout = GetTicks() + (TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD);
do {
sample = (uint8_t)AT91C_BASE_SSC->SSC_RHR;
}while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
} while (IS_LOW(sample) && !IS_TIMEOUT(timeout));
if (IS_TIMEOUT(timeout))
return 0;
@ -279,9 +279,9 @@ static void em4x70_send_bit(bool bit) {
/**
* em4x70_send_nibble
*
*
* sends 4 bits of data + 1 bit of parity (with_parity)
*
*
*/
static void em4x70_send_nibble(uint8_t nibble, bool with_parity) {
int parity = 0;
@ -289,16 +289,16 @@ static void em4x70_send_nibble(uint8_t nibble, bool with_parity) {
// Non automotive EM4x70 based tags are 3 bits + 1 parity.
// So drop the MSB and send a parity bit instead after the command
if(command_parity)
if (command_parity)
msb_bit = 1;
for (int i = msb_bit; i < 4; i++) {
int bit = (nibble >> (3 - i)) & 1;
em4x70_send_bit(bit);
parity ^= bit;
}
if(with_parity)
if (with_parity)
em4x70_send_bit(parity);
}
@ -313,8 +313,8 @@ static void em4x70_send_word(const uint16_t word) {
// Split into nibbles
uint8_t nibbles[4];
uint8_t j = 0;
for(int i = 0; i < 2; i++) {
uint8_t byte = (word >> (8*i)) & 0xff;
for (int i = 0; i < 2; i++) {
uint8_t byte = (word >> (8 * i)) & 0xff;
nibbles[j++] = (byte >> 4) & 0xf;
nibbles[j++] = byte & 0xf;
}
@ -409,13 +409,13 @@ static int send_pin(const uint32_t pin) {
em4x70_send_nibble(EM4X70_COMMAND_PIN, true);
// --> Send TAG ID (bytes 4-7)
for(int i=0; i < 4; i++) {
em4x70_send_byte(tag.data[7-i]);
for (int i = 0; i < 4; i++) {
em4x70_send_byte(tag.data[7 - i]);
}
// --> Send PIN
for(int i=0; i < 4 ; i++) {
em4x70_send_byte((pin>>(i*8)) & 0xff);
for (int i = 0; i < 4 ; i++) {
em4x70_send_byte((pin >> (i * 8)) & 0xff);
}
// Wait TWALB (write access lock bits)
@ -429,7 +429,7 @@ static int send_pin(const uint32_t pin) {
// <-- Receive header + ID
uint8_t tag_id[EM4X70_MAX_RECEIVE_LENGTH];
int num = em4x70_receive(tag_id);
if(num < 32) {
if (num < 32) {
Dbprintf("Invalid ID Received");
return PM3_ESOFT;
}
@ -455,7 +455,7 @@ static int write(const uint16_t word, const uint8_t address) {
// send data word
em4x70_send_word(word);
// Wait TWA
// Wait TWA
WaitTicks(TICKS_PER_FC * EM4X70_T_TAG_TWA);
// look for ACK sequence
@ -475,9 +475,9 @@ static int write(const uint16_t word, const uint8_t address) {
static bool find_listen_window(bool command) {
int cnt = 0;
while(cnt < EM4X70_T_WAITING_FOR_SNGLLIW) {
while (cnt < EM4X70_T_WAITING_FOR_SNGLLIW) {
/*
80 ( 64 + 16 )
80 ( 64 + 16 )
@ -485,26 +485,25 @@ static bool find_listen_window(bool command) {
96 ( 64 + 32 )
64 ( 32 + 16 +16 )*/
if ( check_pulse_length(get_pulse_invert_length(), 80) &&
check_pulse_length(get_pulse_invert_length(), 80) &&
check_pulse_length(get_pulse_length(), 96) &&
check_pulse_length(get_pulse_length(), 64) )
{
if (check_pulse_length(get_pulse_invert_length(), 80) &&
check_pulse_length(get_pulse_invert_length(), 80) &&
check_pulse_length(get_pulse_length(), 96) &&
check_pulse_length(get_pulse_length(), 64)) {
if(command) {
/* Here we are after the 64 duration edge.
* em4170 says we need to wait about 48 RF clock cycles.
* depends on the delay between tag and us
*
* I've found between 4-5 quarter periods (32-40) works best
*/
WaitTicks(TICKS_PER_FC * 4 * EM4X70_T_TAG_QUARTER_PERIOD);
// Send RM Command
em4x70_send_bit(0);
em4x70_send_bit(0);
}
return true;
if (command) {
/* Here we are after the 64 duration edge.
* em4170 says we need to wait about 48 RF clock cycles.
* depends on the delay between tag and us
*
* I've found between 4-5 quarter periods (32-40) works best
*/
WaitTicks(TICKS_PER_FC * 4 * EM4X70_T_TAG_QUARTER_PERIOD);
// Send RM Command
em4x70_send_bit(0);
em4x70_send_bit(0);
}
return true;
}
cnt++;
}
@ -512,17 +511,17 @@ static bool find_listen_window(bool command) {
}
static void bits2bytes(const uint8_t *bits, int length, uint8_t *out) {
if(length%8 != 0) {
if (length % 8 != 0) {
Dbprintf("Should have a multiple of 8 bits, was sent %d", length);
}
int num_bytes = length / 8; // We should have a multiple of 8 here
for(int i=1; i <= num_bytes; i++) {
out[num_bytes-i] = bits2byte(bits, 8);
for (int i = 1; i <= num_bytes; i++) {
out[num_bytes - i] = bits2byte(bits, 8);
bits += 8;
}
}
}
static uint8_t bits2byte(const uint8_t *bits, int length) {
@ -541,16 +540,16 @@ static uint8_t bits2byte(const uint8_t *bits, int length) {
}
static bool send_command_and_read(uint8_t command, uint8_t resp_len_bits, uint8_t *out_bytes) {
int retries = EM4X70_COMMAND_RETRIES;
while(retries) {
while (retries) {
retries--;
if(find_listen_window(true)) {
if (find_listen_window(true)) {
uint8_t bits[EM4X70_MAX_RECEIVE_LENGTH] = {0};
em4x70_send_nibble(command, command_parity);
int len = em4x70_receive(bits);
if(len < resp_len_bits) {
if (len < resp_len_bits) {
Dbprintf("Invalid data received length: %d", len);
return false;
}
@ -565,9 +564,9 @@ static bool send_command_and_read(uint8_t command, uint8_t resp_len_bits, uint8_
/**
* em4x70_read_id
*
*
* read pre-programmed ID (4 bytes)
*/
*/
static bool em4x70_read_id(void) {
return send_command_and_read(EM4X70_COMMAND_ID, 32, &tag.data[4]);
@ -576,7 +575,7 @@ static bool em4x70_read_id(void) {
/**
* em4x70_read_um1
*
*
* read user memory 1 (4 bytes including lock bits)
*/
static bool em4x70_read_um1(void) {
@ -588,7 +587,7 @@ static bool em4x70_read_um1(void) {
/**
* em4x70_read_um2
*
*
* read user memory 2 (8 bytes)
*/
static bool em4x70_read_um2(void) {
@ -613,28 +612,28 @@ static int em4x70_receive(uint8_t *bits) {
// Read out the header
// 12 Manchester 1's (may miss some during settle period)
// 4 Manchester 0's
// Skip a few leading 1's as it could be noisy
WaitTicks(TICKS_PER_FC * 3 * EM4X70_T_TAG_FULL_PERIOD);
// wait until we get the transition from 1's to 0's which is 1.5 full windows
int pulse_count = 0;
while(pulse_count < 12){
while (pulse_count < 12) {
pl = get_pulse_invert_length();
pulse_count++;
if(check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) {
if (check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) {
foundheader = true;
break;
}
}
if(!foundheader) {
if (!foundheader) {
Dbprintf("Failed to find read header");
return 0;
}
// Skip next 3 0's, header check consumes the first 0
for(int i = 0; i < 3; i++) {
for (int i = 0; i < 3; i++) {
get_pulse_invert_length();
}
@ -642,7 +641,7 @@ static int em4x70_receive(uint8_t *bits) {
// between two listen windows only pulse lengths of 1, 1.5 and 2 are possible
while (bit_pos < EM4X70_MAX_RECEIVE_LENGTH) {
if(edge)
if (edge)
pl = get_pulse_length();
else
pl = get_pulse_invert_length();
@ -655,7 +654,7 @@ static int em4x70_receive(uint8_t *bits) {
} else if (check_pulse_length(pl, 3 * EM4X70_T_TAG_HALF_PERIOD)) {
// pulse length = 1.5 -> flip edge detection
if(edge) {
if (edge) {
bits[bit_pos++] = 0;
bits[bit_pos++] = 0;
edge = 0;
@ -668,7 +667,7 @@ static int em4x70_receive(uint8_t *bits) {
} else if (check_pulse_length(pl, 2 * EM4X70_T_TAG_FULL_PERIOD)) {
// pulse length of 2
if(edge) {
if (edge) {
bits[bit_pos++] = 0;
bits[bit_pos++] = 1;
} else {
@ -676,8 +675,8 @@ static int em4x70_receive(uint8_t *bits) {
bits[bit_pos++] = 0;
}
} else if ( (edge && check_pulse_length(pl, 3 * EM4X70_T_TAG_FULL_PERIOD)) ||
(!edge && check_pulse_length(pl, 80))) {
} else if ((edge && check_pulse_length(pl, 3 * EM4X70_T_TAG_FULL_PERIOD)) ||
(!edge && check_pulse_length(pl, 80))) {
// LIW detected (either invert or normal)
return --bit_pos;
@ -691,7 +690,7 @@ static int em4x70_receive(uint8_t *bits) {
void em4x70_info(em4x70_data_t *etd) {
uint8_t status = 0;
// Support tags with and without command parity bits
command_parity = etd->parity;
@ -720,11 +719,11 @@ void em4x70_write(em4x70_data_t *etd) {
// Find the Tag
if (get_signalproperties() && find_EM4X70_Tag()) {
// Write
status = write(etd->word, etd->address) == PM3_SUCCESS;
if(status) {
if (status) {
// Read Tag after writing
em4x70_read_id();
em4x70_read_um1();
@ -749,15 +748,15 @@ void em4x70_unlock(em4x70_data_t *etd) {
// Find the Tag
if (get_signalproperties() && find_EM4X70_Tag()) {
// Read ID (required for send_pin command)
if(em4x70_read_id()) {
if (em4x70_read_id()) {
// Send PIN
status = send_pin(etd->pin) == PM3_SUCCESS;
// If the write succeeded, read the rest of the tag
if(status) {
if (status) {
// Read Tag
// ID doesn't change
em4x70_read_um1();
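Review bot: In `em4x70_receive`, the decode loop is bounded by `while (bit_pos < EM4X70_MAX_RECEIVE_LENGTH)`, but the 1.5-period and 2-period branches each store two entries through `bits[bit_pos++]`, so an iteration entered at `bit_pos == EM4X70_MAX_RECEIVE_LENGTH - 1` writes one element past the end of the buffer. The callers visible here (`send_pin` and `send_command_and_read`) pass local arrays of exactly `EM4X70_MAX_RECEIVE_LENGTH` bytes, and the pulse lengths that drive the branches come from whatever tag is in the field. Bounding the loop with `while (bit_pos + 1 < EM4X70_MAX_RECEIVE_LENGTH) {`, or checking the remaining space before each two-bit store, would close this. Parts of the loop body lie outside the hunks, so the single-bit branch should be checked against the same bound.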


@ -1727,7 +1727,7 @@ void SimTagIso15693(uint8_t *uid) {
if ((cmd_len >= 5) && (cmd[0] & ISO15_REQ_INVENTORY) && (cmd[1] == ISO15_CMD_INVENTORY)) {
bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH);
uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM;
// Build INVENTORY command
uint8_t resp_inv[CMD_INV_RESP] = {0};
@ -1743,30 +1743,30 @@ void SimTagIso15693(uint8_t *uid) {
resp_inv[7] = uid[2];
resp_inv[8] = uid[1];
resp_inv[9] = uid[0];
// CRC
AddCrc15(resp_inv, 10);
CodeIso15693AsTag(resp_inv, CMD_INV_RESP);
tosend_t *ts = get_tosend();
TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow);
LogTrace_ISO15693(resp_inv, CMD_INV_RESP, response_time * 32, (response_time * 32) + (ts->max * 32 * 64), NULL, false);
chip_state = SELECTED;
}
// GET_SYSTEM_INFO
if ((cmd[1] == ISO15_CMD_SYSINFO)) {
bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH);
uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM;
// Build GET_SYSTEM_INFO command
uint8_t resp_sysinfo[CMD_SYSINFO_RESP] = {0};
resp_sysinfo[0] = 0; // Response flags.
resp_sysinfo[1] = 0x0F; // Information flags (0x0F - DSFID, AFI, Mem size, IC)
// 64-bit UID
resp_sysinfo[2] = uid[7];
resp_sysinfo[3] = uid[6];
@ -1776,42 +1776,42 @@ void SimTagIso15693(uint8_t *uid) {
resp_sysinfo[7] = uid[2];
resp_sysinfo[8] = uid[1];
resp_sysinfo[9] = uid[0];
resp_sysinfo[10] = 0; // DSFID
resp_sysinfo[11] = 0; // AFI
resp_sysinfo[12] = 0x1B; // Memory size.
resp_sysinfo[13] = 0x03; // Memory size.
resp_sysinfo[14] = 0x01; // IC reference.
// CRC
AddCrc15(resp_sysinfo, 15);
CodeIso15693AsTag(resp_sysinfo, CMD_SYSINFO_RESP);
tosend_t *ts = get_tosend();
TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow);
LogTrace_ISO15693(resp_sysinfo, CMD_SYSINFO_RESP, response_time * 32, (response_time * 32) + (ts->max * 32 * 64), NULL, false);
}
// READ_BLOCK
if ((cmd[1] == ISO15_CMD_READ)) {
bool slow = !(cmd[0] & ISO15_REQ_DATARATE_HIGH);
uint32_t response_time = reader_eof_time + DELAY_ISO15693_VCD_TO_VICC_SIM;
// Build GET_SYSTEM_INFO command
uint8_t resp_readblock[CMD_READBLOCK_RESP] = {0};
resp_readblock[0] = 0; // Response flags.
resp_readblock[1] = 0; // Block data.
resp_readblock[2] = 0; // Block data.
resp_readblock[3] = 0; // Block data.
resp_readblock[4] = 0; // Block data.
// CRC
AddCrc15(resp_readblock, 5);
CodeIso15693AsTag(resp_readblock, CMD_READBLOCK_RESP);
tosend_t *ts = get_tosend();
TransmitTo15693Reader(ts->buf, ts->max, &response_time, 0, slow);


@ -515,7 +515,7 @@ void doCotagAcquisition(void) {
if (BUTTON_PRESS())
break;
if (checker == 4000) {
if (data_available())
break;


@ -2135,7 +2135,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
"Tag must be on antenna before running.",
"hf 14a apdufuzz\n"
"hf 14a apdufuzz --cla 80\n"
);
);
void *argtable[] = {
arg_param_begin,
@ -2143,7 +2143,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
arg_str0(NULL, "ins", "<hex>", "start INSTRUCTION value (1 hex byte)"),
arg_str0(NULL, "p1", "<hex>", "start P1 value (1 hex byte)"),
arg_str0(NULL, "p2", "<hex>", "start P2 value (1 hex byte)"),
arg_str0(NULL, "le", "<hex>", "start LENGTH value (1 hex byte)"),
arg_str0(NULL, "le", "<hex>", "start LENGTH value (1 hex byte)"),
arg_lit0("v", "verbose", "verbose output"),
arg_param_end
};
@ -2152,7 +2152,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
int cla_len = 0;
uint8_t cla[1] = {0};
CLIGetHexWithReturn(ctx, 1, cla, &cla_len);
int ins_len = 0;
uint8_t ins[1] = {0};
CLIGetHexWithReturn(ctx, 2, ins, &ins_len);
@ -2176,12 +2176,12 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
bool keep_field_on = true;
uint8_t a = cla[0];
uint8_t b = ins[0];
uint8_t b = ins[0];
uint8_t c = p1[0];
uint8_t d = p2[0];
uint8_t e = le[0];
uint8_t e = le[0];
PrintAndLogEx(SUCCESS, "Starting the apdu fuzzer [ CLA " _GREEN_("%02X") " INS " _GREEN_("%02X") " P1 " _GREEN_("%02X") " P2 " _GREEN_("%02X") " LE " _GREEN_("%02x")" ]", a,b,c,d,e);
PrintAndLogEx(SUCCESS, "Starting the apdu fuzzer [ CLA " _GREEN_("%02X") " INS " _GREEN_("%02X") " P1 " _GREEN_("%02X") " P2 " _GREEN_("%02X") " LE " _GREEN_("%02x")" ]", a, b, c, d, e);
PrintAndLogEx(INFO, "Press " _GREEN_("<Enter>") " to exit");
uint8_t response[PM3_CMD_DATA_SIZE];
@ -2210,7 +2210,7 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
}
uint8_t foo[5] = {a, b, c, d, e};
int foo_n = sizeof(foo);
int foo_n = sizeof(foo);
if (verbose) {
PrintAndLogEx(INFO, "%s", sprint_hex(foo, sizeof(foo)));
@ -2218,34 +2218,34 @@ static int CmdHf14AFuzzapdu(const char *Cmd) {
res = ExchangeAPDU14a(foo, foo_n, activate_field, keep_field_on, response, sizeof(response), &resplen);
if (res) {
e++;
continue;
continue;
}
uint16_t sw = get_sw(response, resplen);
if (sw != 0x6a86 &&
sw != 0x6986 &&
sw != 0x6d00
) {
PrintAndLogEx(INFO, "%02X %02X %02X %02X %02X (%04x - %s)", a,b,c,d,e, sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
sw != 0x6986 &&
sw != 0x6d00
) {
PrintAndLogEx(INFO, "%02X %02X %02X %02X %02X (%04x - %s)", a, b, c, d, e, sw, GetAPDUCodeDescription(sw >> 8, sw & 0xff));
}
e++;
if (verbose) {
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e);
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
}
} while (e);
d++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e);
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (d);
c++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e);
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (c);
b++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e);
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (b);
a++;
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a,b,c,d,e);
} while(a);
PrintAndLogEx(INFO, "Status: %02X %02X %02X %02X %02X", a, b, c, d, e);
} while (a);
out:
PrintAndLogEx(SUCCESS, "time: %" PRIu64 " seconds\n", (msclock() - t1) / 1000);


@ -624,7 +624,7 @@ static int CmdHFiClassReader(const char *Cmd) {
CLIParserInit(&ctx, "hf iclass reader",
"Act as a iCLASS reader. Look for iCLASS tags until Enter or the pm3 button is pressed",
"hf iclass reader -@ -> continuous reader mode"
);
);
void *argtable[] = {
arg_param_begin,
@ -1700,7 +1700,7 @@ static int CmdHFiClassRestore(const char *Cmd) {
"hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 --ki 0\n"
"hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 --ki 0 --elite\n"
"hf iclass restore -f hf-iclass-AA162D30F8FF12F1-dump.bin --first 6 --last 18 -k 1122334455667788 --elite\n"
);
);
void *argtable[] = {
arg_param_begin,
@ -3318,12 +3318,12 @@ static int CmdHFiClassPermuteKey(const char *Cmd) {
static int CmdHFiClassEncode(const char *Cmd) {
CLIParserContext *ctx;
CLIParserContext *ctx;
CLIParserInit(&ctx, "hf iclass encode",
"Encode binary wiegand to block 7",
"hf iclass encode --bin 10001111100000001010100011 --ki 0 -> FC 31 CN 337\n"
"hf iclass encode --bin 10001111100000001010100011 --ki 0 --elite -> FC 31 CN 337, writing w elite key"
);
);
void *argtable[] = {
arg_param_begin,
@ -3422,7 +3422,7 @@ static int CmdHFiClassEncode(const char *Cmd) {
}
// add binary sentinel bit.
pushBit(&bout, 1);
// convert binary string to hex bytes
for (int i = 0; i < bin_len; i++) {
char c = bin[i];
@ -3449,11 +3449,11 @@ static int CmdHFiClassEncode(const char *Cmd) {
int isok = PM3_SUCCESS;
// write
for (uint8_t i=0; i<4; i++) {
isok = iclass_write_block(6 + i, credential + (i*8), key, use_credit_key, elite, rawkey, false, false, auth);
for (uint8_t i = 0; i < 4; i++) {
isok = iclass_write_block(6 + i, credential + (i * 8), key, use_credit_key, elite, rawkey, false, false, auth);
switch (isok) {
case PM3_SUCCESS:
PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _GREEN_("ok") " ) --> " _YELLOW_("%s"), 6 + i, 6 + i, sprint_hex_inrow(credential + (i*8), 8));
PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _GREEN_("ok") " ) --> " _YELLOW_("%s"), 6 + i, 6 + i, sprint_hex_inrow(credential + (i * 8), 8));
break;
default:
PrintAndLogEx(SUCCESS, "Write block %d/0x0%x ( " _RED_("fail") " )", 6 + i, 6 + i);


@ -276,7 +276,7 @@ static int CmdHFMFPInfo(const char *Cmd) {
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "--- " _CYAN_("Tag Information") " ---------------------------");
PrintAndLogEx(INFO, "-------------------------------------------------------------");


@ -510,7 +510,7 @@ static int CmdAWIDBrute(const char *Cmd) {
break;
}
// truncate card number
if ((cn & 0xFFFF) != cn) {
cn &= 0xFFFF;
@ -550,7 +550,7 @@ static int CmdAWIDBrute(const char *Cmd) {
if (cn > 1) {
if (down > 1) {
if (sendTry(fmtlen, fc, --down, delay, bits, size, verbose) != PM3_SUCCESS) {
return PM3_ESOFT;
return PM3_ESOFT;
}
}
}


@ -190,9 +190,9 @@ static int CmdDestronClone(const char *Cmd) {
blocks[1] = (blocks[1] & 0xFFFF) | 0xAAE20000;
PrintAndLogEx(INFO, "Preparing to clone Destron tag to " _YELLOW_("%s") " with ID: " _YELLOW_("%s")
, cardtype
, sprint_hex_inrow(data, datalen)
);
, cardtype
, sprint_hex_inrow(data, datalen)
);
print_blocks(blocks, ARRAYLEN(blocks));


@ -118,7 +118,7 @@ void printEM410x(uint32_t hi, uint64_t id, bool verbose) {
if (hi) {
PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%06X%016" PRIX64), hi, id);
} else {
PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%010" PRIX64), id);
PrintAndLogEx(SUCCESS, "EM 410x ID "_GREEN_("%010" PRIX64), id);
}
return;
}
@ -395,7 +395,7 @@ static int CmdEM410xReader(const char *Cmd) {
// emulate an EM410X tag
static int CmdEM410xSim(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 410x sim",
"Enables simulation of EM 410x card.\n"
@ -433,7 +433,7 @@ static int CmdEM410xSim(const char *Cmd) {
return PM3_SUCCESS;
}
static int CmdEM410xBrute(const char *Cmd) {
static int CmdEM410xBrute(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 410x brute",
"bruteforcing by emulating EM 410x tag",
@ -452,10 +452,10 @@ static int CmdEM410xBrute(const char *Cmd) {
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
// clock default 64 in EM410x
// clock default 64 in EM410x
uint32_t clk = arg_get_u32_def(ctx, 1, 64);
// default pause time: 1 second
// default pause time: 1 second
uint32_t delay = arg_get_u32_def(ctx, 2, 1000);
int fnlen = 0;
@ -467,7 +467,7 @@ static int CmdEM410xBrute(const char *Cmd) {
PrintAndLogEx(ERR, "Error: Please specify a filename");
return PM3_EINVARG;
}
uint32_t uidcnt = 0;
uint8_t stUidBlock = 20;
uint8_t *p = NULL;
@ -543,10 +543,10 @@ static int CmdEM410xBrute(const char *Cmd) {
memcpy(testuid, uidblock + 5 * c, 5);
PrintAndLogEx(INFO, "Bruteforce %d / %d: simulating UID " _YELLOW_("%s")
, c + 1
, uidcnt
, sprint_hex_inrow(testuid, sizeof(testuid))
);
, c + 1
, uidcnt
, sprint_hex_inrow(testuid, sizeof(testuid))
);
em410x_construct_emul_graph(testuid, clk);
@ -585,7 +585,7 @@ static int CmdEM410xClone(const char *Cmd) {
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf em 410x clone",
"Writes EM410x ID to a T55x7 or Q5/T5555 tag",
"lf em 410x clone --id 0F0368568B -> write id to T55x7 tag\n"
"lf em 410x clone --id 0F0368568B -> write id to T55x7 tag\n"
"lf em 410x clone --id 0F0368568B --q5 -> write id to Q5/T5555 tag"
);
@ -598,7 +598,7 @@ static int CmdEM410xClone(const char *Cmd) {
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
// clock default 64 in EM410x
// clock default 64 in EM410x
uint32_t clk = arg_get_u32_def(ctx, 1, 64);
int uid_len = 0;
uint8_t uid[5] = {0};


@ -773,7 +773,7 @@ int CmdEM4x05Write(const char *Cmd) {
void *argtable[] = {
arg_param_begin,
arg_int0("a", "addr", "<dec>", "memory address to write to. (0-13)"),
arg_str1("d", "data", "<hex>", "data to write, 4 bytes hex"),
arg_str1("d", "data", "<hex>", "data to write, 4 bytes hex"),
arg_str0("p", "pwd", "<hex>", "optional - password, 4 bytes hex"),
arg_lit0(NULL, "po", "protect operation"),
arg_param_end
@ -784,14 +784,14 @@ int CmdEM4x05Write(const char *Cmd) {
uint64_t inputpwd = arg_get_u64_hexstr_def(ctx, 3, 0xFFFFFFFFFFFFFFFF);
bool protect_operation = arg_get_lit(ctx, 4);
CLIParserFree(ctx);
if ((addr > 13) && (protect_operation == false)) {
PrintAndLogEx(WARNING, "Address must be between 0 and 13");
return PM3_EINVARG;
}
bool use_pwd = false;
uint32_t pwd = ( inputpwd != 0xFFFFFFFFFFFFFFFF) ? (inputpwd & 0xFFFFFFFF) : 0;
bool use_pwd = false;
uint32_t pwd = (inputpwd != 0xFFFFFFFFFFFFFFFF) ? (inputpwd & 0xFFFFFFFF) : 0;
if (pwd == 0xFFFFFFFF) {
if (protect_operation)
PrintAndLogEx(INFO, "Writing protection words data %08X", data);
@ -807,14 +807,14 @@ int CmdEM4x05Write(const char *Cmd) {
int res = PM3_SUCCESS;
// set Protect Words
if (protect_operation) {
if (protect_operation) {
res = em4x05_protect(pwd, use_pwd, data);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
} else {
res = em4x05_write_word_ext(addr, pwd, use_pwd, data);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
}
@ -888,25 +888,25 @@ int CmdEM4x05Wipe(const char *Cmd) {
bool use_pwd = false;
uint32_t pwd = 0;
if ( inputpwd != 0xFFFFFFFFFFFFFFFF) {
if (inputpwd != 0xFFFFFFFFFFFFFFFF) {
pwd = (inputpwd & 0xFFFFFFFF);
use_pwd = true;
}
// block 0 : User Data or Chip Info
int res = em4x05_write_word_ext(0, pwd, use_pwd, chip_info);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
// block 1 : UID - this should be read only for EM4205 and EM4305 not sure about others
res = em4x05_write_word_ext(1, pwd, use_pwd, chip_UID);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
PrintAndLogEx(INFO, "UID block write failed");
}
// block 2 : password
res = em4x05_write_word_ext(2, pwd, use_pwd, block_data);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
@ -914,20 +914,20 @@ int CmdEM4x05Wipe(const char *Cmd) {
pwd = block_data;
// block 3 : user data
res = em4x05_write_word_ext(3, pwd, use_pwd, block_data);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
// block 4 : config
res = em4x05_write_word_ext(4, pwd, use_pwd, config);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
// Remainder of user/data blocks
for (addr = 5; addr < 14; addr++) {// Clear user data blocks
res = em4x05_write_word_ext(addr, pwd, use_pwd, block_data);
if ( res != PM3_SUCCESS) {
if (res != PM3_SUCCESS) {
return res;
}
}
@ -2146,4 +2146,4 @@ static int CmdHelp(const char *Cmd) {
int CmdLFEM4X05(const char *Cmd) {
clearCommandBuffer();
return CmdsParse(CommandTable, Cmd);
}
}
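Review bot: In CmdEM4x05Write the no-password case cannot be recognised, because `pwd` is set to 0 when `inputpwd` still holds the 0xFFFFFFFFFFFFFFFF default and is only then compared with 0xFFFFFFFF. As written, only an explicitly supplied password of FFFFFFFF takes the first branch; an omitted password falls through to the else branch, which lies outside this hunk and presumably enables password mode with a password of 0. Deriving the flag from the sentinel, as CmdEM4x05Wipe does further down, removes the ambiguity: `bool use_pwd = (inputpwd != 0xFFFFFFFFFFFFFFFF);` and `uint32_t pwd = use_pwd ? (uint32_t)(inputpwd & 0xFFFFFFFF) : 0;`, with the branch testing `use_pwd` instead of `pwd == 0xFFFFFFFF`.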


@ -28,7 +28,7 @@ static void prepare_result(const uint8_t *data, int fwr, int lwr, em4x50_word_t
// restructure received result in "em4x50_word_t" structure
for (int i = fwr; i <= lwr; i++) {
for (int j = 0; j < 4; j++) {
words[i].byte[j] = data[i * 4 + (3 - j)];
words[i].byte[j] = data[i * 4 + (3 - j)];
}
}
}
@ -131,7 +131,7 @@ static int em4x50_load_file(const char *filename, uint8_t *data, size_t data_len
int res = 0;
uint32_t serial = 0x0, device_id = 0x0;
if (str_endswith(filename, ".eml"))
res = loadFileEML(filename, data, bytes_read) != PM3_SUCCESS;
else if (str_endswith(filename, ".json"))
@ -202,7 +202,7 @@ int CmdEM4x50ELoad(const char *Cmd) {
// upload to emulator memory
PrintAndLogEx(INFO, "Uploading dump " _YELLOW_("%s") " to emulator memory", filename);
em4x50_seteml(data, 0, DUMP_FILESIZE);
PrintAndLogEx(INFO, "Done");
return PM3_SUCCESS;
}
@ -236,7 +236,7 @@ int CmdEM4x50ESave(const char *Cmd) {
PrintAndLogEx(WARNING, "Fail, transfer from device time-out");
return PM3_ETIMEOUT;
}
// valid em4x50 data?
uint32_t serial = bytes_to_num(data + 4 * EM4X50_DEVICE_SERIAL, 4);
uint32_t device_id = bytes_to_num(data + 4 * EM4X50_DEVICE_ID, 4);
@ -244,7 +244,7 @@ int CmdEM4x50ESave(const char *Cmd) {
PrintAndLogEx(WARNING, "No valid em4x50 data in flash memory.");
return PM3_ENODATA;
}
// user supplied filename?
if (fnlen == 0) {
PrintAndLogEx(INFO, "Using UID as filename");
@ -272,7 +272,7 @@ int CmdEM4x50Login(const char *Cmd) {
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0;
uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
@ -281,7 +281,7 @@ int CmdEM4x50Login(const char *Cmd) {
if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG;
}
}
uint32_t password = BYTES2UINT32(pwd);
@ -315,30 +315,30 @@ int CmdEM4x50Brute(const char *Cmd) {
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIExecWithReturn(ctx, Cmd, argtable, true);
int first_len = 0;
uint8_t first[4] = {0,0,0,0};
uint8_t first[4] = {0, 0, 0, 0};
CLIGetHexWithReturn(ctx, 1, first, &first_len);
int last_len = 0;
uint8_t last[4] = {0,0,0,0};
uint8_t last[4] = {0, 0, 0, 0};
CLIGetHexWithReturn(ctx, 2, last, &last_len);
CLIParserFree(ctx);
if (first_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG;
}
if (last_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG;
}
}
if (last_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes");
return PM3_EINVARG;
}
em4x50_data_t etd;
etd.password1 = BYTES2UINT32(first);
etd.password2 = BYTES2UINT32(last);
// 27 passwords/second (empirical value)
const int speed = 27;
const int speed = 27;
// print some information
int no_iter = etd.password2 - etd.password1 + 1;
@ -348,10 +348,10 @@ int CmdEM4x50Brute(const char *Cmd) {
dur_s -= dur_h * 3600 + dur_m * 60;
PrintAndLogEx(INFO, "Trying %i passwords in range [0x%08x, 0x%08x]"
, no_iter
, etd.password1
, etd.password2
);
, no_iter
, etd.password1
, etd.password2
);
PrintAndLogEx(INFO, "Estimated duration: %ih%im%is", dur_h, dur_m, dur_s);
// start
@ -390,7 +390,7 @@ int CmdEM4x50Chk(const char *Cmd) {
char filename[FILE_PATH_SIZE] = {0};
CLIParamStrToBuf(arg_get_str(ctx, 1), (uint8_t *)filename, FILE_PATH_SIZE, &fnlen);
CLIParserFree(ctx);
if (IfPm3Flash() == false) {
PrintAndLogEx(WARNING, "no flash memory available");
return PM3_EFLASH;
@ -410,17 +410,17 @@ int CmdEM4x50Chk(const char *Cmd) {
int res = loadFileDICTIONARY(filename, data, &datalen, 4, &key_count);
if (res || !key_count)
return PM3_EFILE;
PrintAndLogEx(INFO, "You can cancel this operation by pressing the pm3 button");
int status = PM3_EFAILED;
int keyblock = 2000; // block with 2000 bytes -> 500 keys
uint8_t destfn[32] = "em4x50_chk.bin";
PacketResponseNG resp;
PacketResponseNG resp;
int bytes_remaining = datalen;
while (bytes_remaining > 0) {
PrintAndLogEx(INPLACE, "Remaining keys: %i ", bytes_remaining / 4);
// upload to flash.
@ -434,7 +434,7 @@ int CmdEM4x50Chk(const char *Cmd) {
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_CHK, destfn, sizeof(destfn));
WaitForResponseTimeoutW(CMD_LF_EM4X50_CHK, &resp, -1, false);
status = resp.status;
if ((status == PM3_SUCCESS) || (status == PM3_EOPABORTED))
break;
@ -444,7 +444,7 @@ int CmdEM4x50Chk(const char *Cmd) {
}
PrintAndLogEx(NORMAL, "");
// print response
if (status == PM3_SUCCESS) {
PrintAndLogEx(SUCCESS, "Key " _GREEN_("found: %02x %02x %02x %02x"),
@ -452,7 +452,7 @@ int CmdEM4x50Chk(const char *Cmd) {
resp.data.asBytes[2],
resp.data.asBytes[1],
resp.data.asBytes[0]
);
);
} else {
PrintAndLogEx(FAILED, "No key found");
}
@ -536,7 +536,7 @@ int CmdEM4x50Read(const char *Cmd) {
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
int addr = arg_get_int_def(ctx, 1, 0);
int pwd_len = 0;
uint8_t pwd[4] = {0x0};
@ -545,7 +545,7 @@ int CmdEM4x50Read(const char *Cmd) {
if (addr <= 0 || addr >= EM4X50_NO_WORDS) {
return PM3_EINVARG;
}
}
em4x50_data_t etd;
@ -587,11 +587,11 @@ int CmdEM4x50Info(const char *Cmd) {
CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0;
uint8_t pwd[4] = {0x0};
uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
CLIParserFree(ctx);
em4x50_data_t etd = {.pwd_given = false};
em4x50_data_t etd = {.pwd_given = false};
if (pwd_len) {
if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
@ -610,7 +610,7 @@ int CmdEM4x50Info(const char *Cmd) {
return PM3_ETIMEOUT;
}
if ( resp.status == PM3_SUCCESS)
if (resp.status == PM3_SUCCESS)
print_info_result(resp.data.asBytes);
else
PrintAndLogEx(FAILED, "Reading tag " _RED_("failed"));
@ -666,7 +666,7 @@ int CmdEM4x50Reader(const char *Cmd) {
PrintAndLogEx(INFO, _GREEN_(" %s") "| %s", sprint_hex(words[i].byte, 4), r);
}
PrintAndLogEx(INFO, "-------------+-------------");
}
} while (cm && !kbd_enter_pressed());
@ -771,11 +771,11 @@ int CmdEM4x50Write(const char *Cmd) {
arg_str0("p", "pwd", "<hex>", "password, 4 bytes, lsb"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
int addr = arg_get_int_def(ctx, 1, 0);
int word_len = 0;
uint8_t word[4] = {0x0};
CLIGetHexWithReturn(ctx, 2, word, &word_len);
@ -784,18 +784,18 @@ int CmdEM4x50Write(const char *Cmd) {
uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 3, pwd, &pwd_len);
CLIParserFree(ctx);
if (addr <= 0 || addr >= EM4X50_NO_WORDS) {
PrintAndLogEx(FAILED, "address has to be within range [0, 31]");
return PM3_EINVARG;
}
}
if (word_len != 4) {
PrintAndLogEx(FAILED, "word/data length must be 4 bytes instead of %d", word_len);
return PM3_EINVARG;
}
em4x50_data_t etd = {.pwd_given = false};
em4x50_data_t etd = {.pwd_given = false};
if (pwd_len) {
if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
@ -853,7 +853,7 @@ int CmdEM4x50WritePwd(const char *Cmd) {
arg_str1("n", "new", "<hex>", "new password, 4 hex bytes, lsb"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0;
uint8_t pwd[4] = {0x0};
@ -865,7 +865,7 @@ int CmdEM4x50WritePwd(const char *Cmd) {
CLIParserFree(ctx);
em4x50_data_t etd;
em4x50_data_t etd;
if (pwd_len != 4) {
PrintAndLogEx(FAILED, "password length must be 4 bytes instead of %d", pwd_len);
return PM3_EINVARG;
@ -898,9 +898,9 @@ int CmdEM4x50WritePwd(const char *Cmd) {
}
PrintAndLogEx(SUCCESS, "Writing new password %s (%s)"
, sprint_hex_inrow(npwd, sizeof(npwd))
, _GREEN_("ok")
);
, sprint_hex_inrow(npwd, sizeof(npwd))
, _GREEN_("ok")
);
return PM3_SUCCESS;
}
@ -919,7 +919,7 @@ int CmdEM4x50Wipe(const char *Cmd) {
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIExecWithReturn(ctx, Cmd, argtable, true);
int pwd_len = 0;
uint8_t pwd[4] = {0x0};
CLIGetHexWithReturn(ctx, 1, pwd, &pwd_len);
@ -935,7 +935,7 @@ int CmdEM4x50Wipe(const char *Cmd) {
etd.password1 = BYTES2UINT32(pwd);
etd.pwd_given = true;
// clear password
PacketResponseNG resp;
clearCommandBuffer();
@ -954,13 +954,13 @@ int CmdEM4x50Wipe(const char *Cmd) {
// from now on new password 0x0
etd.password1 = 0x0;
// clear data (words 1 to 31)
for (int i = 1; i < EM4X50_DEVICE_SERIAL; i++) {
// no login necessary for blocks 3 to 31
etd.pwd_given = (i <= EM4X50_CONTROL);
PrintAndLogEx(INPLACE, "Wiping block %i", i);
etd.addresses = i << 8 | i;
@ -971,7 +971,7 @@ int CmdEM4x50Wipe(const char *Cmd) {
return PM3_ETIMEOUT;
}
if ( resp.status != PM3_SUCCESS) {
if (resp.status != PM3_SUCCESS) {
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(FAILED, "Wiping data " _RED_("failed"));
return PM3_ESOFT;
@ -1002,7 +1002,7 @@ int CmdEM4x50Restore(const char *Cmd) {
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIExecWithReturn(ctx, Cmd, argtable, true);
int uidLen = 0;
uint8_t uid[4] = {0x0};
@ -1057,7 +1057,7 @@ int CmdEM4x50Restore(const char *Cmd) {
etd.addresses = i << 8 | i;
etd.word = reflect32(BYTES2UINT32((data + 4 * i)));
PacketResponseNG resp;
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X50_WRITE, (uint8_t *)&etd, sizeof(etd));
@ -1074,7 +1074,7 @@ int CmdEM4x50Restore(const char *Cmd) {
}
}
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, "Done");
return PM3_SUCCESS;
}
@ -1118,10 +1118,10 @@ static command_t CommandTable[] = {
{"login", CmdEM4x50Login, IfPm3EM4x50, "login into EM4x50"},
{"rdbl", CmdEM4x50Read, IfPm3EM4x50, "read word data from EM4x50"},
{"wrbl", CmdEM4x50Write, IfPm3EM4x50, "write word data to EM4x50"},
{"writepwd",CmdEM4x50WritePwd, IfPm3EM4x50, "change password of EM4x50"},
{"writepwd", CmdEM4x50WritePwd, IfPm3EM4x50, "change password of EM4x50"},
{"wipe", CmdEM4x50Wipe, IfPm3EM4x50, "wipe EM4x50 tag"},
{"reader", CmdEM4x50Reader, IfPm3EM4x50, "show standard read mode data of EM4x50"},
{"restore",CmdEM4x50Restore, IfPm3EM4x50, "restore EM4x50 dump to tag"},
{"restore", CmdEM4x50Restore, IfPm3EM4x50, "restore EM4x50 dump to tag"},
{"sim", CmdEM4x50Sim, IfPm3EM4x50, "simulate EM4x50 tag"},
{"eload", CmdEM4x50ELoad, IfPm3EM4x50, "upload dump of EM4x50 to flash memory"},
{"esave", CmdEM4x50ESave, IfPm3EM4x50, "save flash memory to file"},
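Review bot: In CmdEM4x50Write the address check and its message disagree: `addr <= 0 || addr >= EM4X50_NO_WORDS` rejects address 0, while the message tells the user the valid range is [0, 31]. If word 0 is deliberately excluded (the separate CmdEM4x50WritePwd command and the wipe loop starting at 1 suggest it is), the text should say so, e.g. `PrintAndLogEx(FAILED, "address has to be within range [1, %d]", EM4X50_NO_WORDS - 1);`, which also ties the upper bound to the constant instead of a hard-coded 31. CmdEM4x50Read applies the same test but returns PM3_EINVARG without printing anything in the visible lines, so the same message would help there. Both function bodies continue outside their hunks.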


@ -31,26 +31,26 @@ static void print_info_result(uint8_t *data) {
// data section
PrintAndLogEx(NORMAL, "");
PrintAndLogEx(INFO, _YELLOW_("EM4x70 data:"));
for(int i=1; i <= 32; i+=2) {
PrintAndLogEx(NORMAL, "%02X %02X", data[32-i], data[32-i-1]);
for (int i = 1; i <= 32; i += 2) {
PrintAndLogEx(NORMAL, "%02X %02X", data[32 - i], data[32 - i - 1]);
}
PrintAndLogEx(NORMAL, "Tag ID: %02X %02X %02X %02X", data[7], data[6], data[5], data[4]);
PrintAndLogEx(NORMAL, "Lockbit 0: %d %s", (data[3] & 0x40) ? 1:0, (data[3] & 0x40) ? "LOCKED":"UNLOCKED");
PrintAndLogEx(NORMAL, "Lockbit 1: %d", (data[3] & 0x80) ? 1:0);
PrintAndLogEx(NORMAL, "Lockbit 0: %d %s", (data[3] & 0x40) ? 1 : 0, (data[3] & 0x40) ? "LOCKED" : "UNLOCKED");
PrintAndLogEx(NORMAL, "Lockbit 1: %d", (data[3] & 0x80) ? 1 : 0);
PrintAndLogEx(NORMAL, "");
}
int em4x70_info(void) {
em4x70_data_t edata = {
.parity = false // TODO: try both? or default to true
};
clearCommandBuffer();
SendCommandNG(CMD_LF_EM4X70_INFO, (uint8_t *)&edata, sizeof(edata));
PacketResponseNG resp;
if (!WaitForResponseTimeout(CMD_LF_EM4X70_INFO, &resp, TIMEOUT)) {
PrintAndLogEx(WARNING, "(em4x70) timeout while waiting for reply.");
@ -87,7 +87,7 @@ int CmdEM4x70Info(const char *Cmd) {
" V4070 and EM4170 do require parity bit.",
"lf em 4x70 info\n"
"lf em 4x70 info --par -> adds parity bit to command\n"
);
);
void *argtable[] = {
arg_param_begin,
@ -128,7 +128,7 @@ int CmdEM4x70Write(const char *Cmd) {
"Write EM4x70\n",
"lf em 4x70 write -b 15 -d c0de -> write 'c0de' to block 15\n"
"lf em 4x70 write -b 15 -d c0de --par -> adds parity bit to commands\n"
);
);
void *argtable[] = {
arg_param_begin,
@ -139,11 +139,11 @@ int CmdEM4x70Write(const char *Cmd) {
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
etd.parity = arg_get_lit(ctx, 1);
int addr = arg_get_int(ctx, 2);
int word_len = 0;
uint8_t word[2] = {0x0};
CLIGetHexWithReturn(ctx, 3, word, &word_len);
@ -153,8 +153,8 @@ int CmdEM4x70Write(const char *Cmd) {
if (addr < 0 || addr >= EM4X70_NUM_BLOCKS) {
PrintAndLogEx(FAILED, "block has to be within range [0, 15]");
return PM3_EINVARG;
}
}
if (word_len != 2) {
PrintAndLogEx(FAILED, "word/data length must be 2 bytes instead of %d", word_len);
return PM3_EINVARG;
@ -195,7 +195,7 @@ int CmdEM4x70Unlock(const char *Cmd) {
" 00000000\n",
"lf em 4x70 unlock -p 11223344 -> Unlock with PIN\n"
"lf em 4x70 unlock -p 11223344 --par -> Unlock with PIN using parity commands\n"
);
);
void *argtable[] = {
arg_param_begin,
@ -205,12 +205,12 @@ int CmdEM4x70Unlock(const char *Cmd) {
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
etd.parity = arg_get_lit(ctx, 1);
int pin_len = 0;
uint8_t pin[4] = {0x0};
CLIGetHexWithReturn(ctx, 2, pin, &pin_len);
CLIParserFree(ctx);


@ -727,7 +727,7 @@ static int CmdFdxBClone(const char *Cmd) {
}
uint32_t extended = 0;
bool has_extended = false;
bool has_extended = false;
if (extended_len) {
extended = bytes_to_num(edata, extended_len);
has_extended = true;
@ -773,10 +773,10 @@ static int CmdFdxBClone(const char *Cmd) {
free(bs);
PrintAndLogEx(INFO, "Preparing to clone FDX-B to " _YELLOW_("%s") " with animal ID: " _GREEN_("%04u-%"PRIu64)
, cardtype
, country_code
, national_code
);
, cardtype
, country_code
, national_code
);
print_blocks(blocks, ARRAYLEN(blocks));
int res;
@ -820,7 +820,7 @@ static int CmdFdxBSim(const char *Cmd) {
CLIParserFree(ctx);
uint32_t extended = 0;
bool has_extended = false;
bool has_extended = false;
if (extended_len) {
extended = bytes_to_num(edata, extended_len);
has_extended = true;


@ -233,7 +233,7 @@ static int CmdGallagherClone(const char *Cmd) {
static int CmdGallagherSim(const char *Cmd) {
CLIParserContext *ctx;
CLIParserContext *ctx;
CLIParserInit(&ctx, "lf gallagher sim",
"Enables simulation of GALLAGHER card with specified card number.\n"
"Simulation runs until the button is pressed or another USB command is issued.\n",


@ -226,10 +226,10 @@ static int CmdGuardClone(const char *Cmd) {
free(bs);
PrintAndLogEx(INFO, "Preparing to clone Guardall to " _YELLOW_("%s") " with Facility Code: " _GREEN_("%u") " Card Number: " _GREEN_("%u")
, cardtype
, facilitycode
, cardnumber
);
, cardtype
, facilitycode
, cardnumber
);
print_blocks(blocks, ARRAYLEN(blocks));
int res;
@ -281,9 +281,9 @@ static int CmdGuardSim(const char *Cmd) {
}
PrintAndLogEx(SUCCESS, "Simulating Guardall Prox - Facility Code: " _YELLOW_("%u") " CardNumber: " _YELLOW_("%u")
, facilitycode
, cardnumber
);
, facilitycode
, cardnumber
);
// Guard uses: clk: 64, invert: 0, encoding: 2 (ASK Biphase)
lf_asksim_t *payload = calloc(1, sizeof(lf_asksim_t) + sizeof(bs));


@ -60,16 +60,16 @@ static int sendTry(uint8_t format_idx, wiegand_card_t *card, uint32_t delay, boo
if (HIDPack(format_idx, card, &packed) == false) {
PrintAndLogEx(WARNING, "The card data could not be encoded in the selected format.");
return PM3_ESOFT;
return PM3_ESOFT;
}
if (verbose) {
PrintAndLogEx(INFO, "Trying FC: " _YELLOW_("%u") " CN: " _YELLOW_("%"PRIu64) " Issue level: " _YELLOW_("%u") " OEM: " _YELLOW_("%u")
, card->FacilityCode
, card->CardNumber
, card->IssueLevel
, card->OEM
);
, card->FacilityCode
, card->CardNumber
, card->IssueLevel
, card->OEM
);
}
lf_hidsim_t payload;


@ -250,7 +250,7 @@ static int CmdIndalaDemod(const char *Cmd) {
"lf indala demod --clock 32 -> demod a Indala tag from GraphBuffer using a clock of RF/32\n"
"lf indala demod --clock 32 -i -> demod a Indala tag from GraphBuffer using a clock of RF/32 and inverting data\n"
"lf indala demod --clock 64 -i --maxerror 0 -> demod a Indala tag from GraphBuffer using a clock of RF/64, inverting data and allowing 0 demod errors"
);
);
void *argtable[] = {
arg_param_begin,
@ -281,7 +281,7 @@ static int CmdIndalaDemodAlt(const char *Cmd) {
"It's now considered obsolete but remains because it has sometimes its advantages.",
"lf indala altdemod\n"
"lf indala altdemod --long -> demod a Indala tag from GraphBuffer as 224 bit long format"
);
);
void *argtable[] = {
arg_param_begin,
@ -583,9 +583,9 @@ static int CmdIndalaSim(const char *Cmd) {
// lf simpsk 1 c 32 r 2 d 0102030405060708
PrintAndLogEx(SUCCESS, "Simulating " _YELLOW_("%s") " Indala raw " _YELLOW_("%s")
, (is_long_uid) ? "224b" : "64b"
, sprint_hex_inrow(raw, raw_len)
);
, (is_long_uid) ? "224b" : "64b"
, sprint_hex_inrow(raw, raw_len)
);
PrintAndLogEx(SUCCESS, "Press pm3-button to abort simulation or run another command");
// indala PSK, clock 32, carrier 0
@ -665,7 +665,7 @@ static int CmdIndalaClone(const char *Cmd) {
uint8_t max = 0;
uint32_t blocks[8] = {0};
char cardtype[16] = {"T55x7"};
if (is_long_uid) {
blocks[0] = T55x7_BITRATE_RF_32 | T55x7_MODULATION_PSK2 | (7 << T55x7_MAXBLOCK_SHIFT);
@ -673,7 +673,7 @@ static int CmdIndalaClone(const char *Cmd) {
blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK2 | (7 << T5555_MAXBLOCK_SHIFT);
snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
}
if (em) {
blocks[0] = EM4305_INDALA_224_CONFIG_BLOCK;
snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
@ -691,9 +691,9 @@ static int CmdIndalaClone(const char *Cmd) {
// 224 BIT UID
// config for Indala (RF/32;PSK2 with RF/2;Maxblock=7)
PrintAndLogEx(INFO, "Preparing to clone Indala 224bit to " _YELLOW_("%s") " raw " _GREEN_("%s")
, cardtype
, sprint_hex_inrow(raw, raw_len)
);
, cardtype
, sprint_hex_inrow(raw, raw_len)
);
} else {
@ -737,7 +737,7 @@ static int CmdIndalaClone(const char *Cmd) {
blocks[0] = T5555_FIXED | T5555_SET_BITRATE(32) | T5555_MODULATION_PSK1 | (2 << T5555_MAXBLOCK_SHIFT);
snprintf(cardtype, sizeof(cardtype), "Q5/T5555");
}
if (em) {
blocks[0] = EM4305_INDALA_64_CONFIG_BLOCK;
snprintf(cardtype, sizeof(cardtype), "EM4305/4469");
@ -749,9 +749,9 @@ static int CmdIndalaClone(const char *Cmd) {
// config for Indala 64 format (RF/32;PSK1 with RF/2;Maxblock=2)
PrintAndLogEx(INFO, "Preparing to clone Indala 64bit to " _YELLOW_("%s") " raw " _GREEN_("%s")
, cardtype
, sprint_hex_inrow(raw, raw_len)
);
, cardtype
, sprint_hex_inrow(raw, raw_len)
);
}
print_blocks(blocks, max);


@ -318,12 +318,12 @@ static int CmdIOProxClone(const char *Cmd) {
blocks[2] = bytebits_to_byte(bits + 32, 32);
PrintAndLogEx(INFO, "Preparing to clone ioProx to " _YELLOW_("%s") " with Version: " _GREEN_("%u") " FC: " _GREEN_("%u (0x%02x)") " CN: " _GREEN_("%u")
, cardtype
, version
, fc
, fc
, cn
);
, cardtype
, version
, fc
, fc
, cn
);
print_blocks(blocks, ARRAYLEN(blocks));
int res;


@ -219,11 +219,11 @@ static int CmdJablotronClone(const char *Cmd) {
free(bits);
uint64_t id = getJablontronCardId(fullcode);
uint64_t id = getJablontronCardId(fullcode);
PrintAndLogEx(INFO, "Preparing to clone Jablotron to " _YELLOW_("%s") " with FullCode: " _GREEN_("%"PRIx64)" id: " _GREEN_("%"PRIx64), cardtype, fullcode, id);
print_blocks(blocks, ARRAYLEN(blocks));
int res;
if (em) {
res = em4x05_clone_tag(blocks, ARRAYLEN(blocks), 0, false);


@ -264,7 +264,7 @@ static int CmdMotorolaSim(const char *Cmd) {
};
CLIExecWithReturn(ctx, Cmd, argtable, true);
CLIParserFree(ctx);
// PSK sim.
PrintAndLogEx(INFO, " PSK1 at 66 kHz... Interesting.");
PrintAndLogEx(INFO, " To be implemented, feel free to contribute!");


@ -145,13 +145,13 @@ int demodNedap(bool verbose) {
badgeId = r1 * 10000 + r2 * 1000 + r3 * 100 + r4 * 10 + r5;
PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _YELLOW_("%05u") " subtype: " _YELLOW_("%1u")" customer code: " _YELLOW_("%u / 0x%03X") " Raw: " _YELLOW_("%s")
, (size == 128) ? "128b" : "64b"
, badgeId
, subtype
, customerCode
, customerCode
, sprint_hex_inrow(data, size / 8)
);
, (size == 128) ? "128b" : "64b"
, badgeId
, subtype
, customerCode
, customerCode
, sprint_hex_inrow(data, size / 8)
);
PrintAndLogEx(DEBUG, "Checksum (%s) 0x%04X", _GREEN_("ok"), checksum);
} else {
@ -373,7 +373,7 @@ static int CmdLFNedapClone(const char *Cmd) {
arg_u64_0(NULL, "st", "<dec>", "optional - sub type (default 5)"),
arg_u64_1(NULL, "cc", "<dec>", "customer code (0-4095)"),
arg_u64_1(NULL, "id", "<dec>", "ID (0-99999)"),
arg_lit0("l", "long", "optional - long (128), default to short (64)"),
arg_lit0("l", "long", "optional - long (128), default to short (64)"),
arg_lit0(NULL, "q5", "optional - specify writing to Q5/T5555 tag"),
arg_lit0(NULL, "em", "optional - specify writing to EM4305/4469 tag"),
arg_param_end
@ -395,17 +395,17 @@ static int CmdLFNedapClone(const char *Cmd) {
}
if (sub_type > 0xF) {
PrintAndLogEx(FAILED, "out-of-range, valid subtype is between 0-15");
return PM3_EINVARG;
return PM3_EINVARG;
}
if (customer_code > 0xFFF) {
PrintAndLogEx(FAILED, "out-of-range, valid customer code is between 0-4095");
return PM3_EINVARG;
return PM3_EINVARG;
}
if (id > 99999) {
PrintAndLogEx(FAILED, "out-of-range, id max value is 99999");
return PM3_EINVARG;
return PM3_EINVARG;
}
PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _GREEN_("%05u") " subtype: " _GREEN_("%1u") " customer code: " _GREEN_("%u / 0x%03X")
@ -454,7 +454,7 @@ static int CmdLFNedapClone(const char *Cmd) {
NedapGen(sub_type, customer_code, id, is_long, data);
for (uint8_t i = 1; i < max ; i++) {
blocks[i] = bytes_to_num (data + ((i - 1) * 4), 4);
blocks[i] = bytes_to_num(data + ((i - 1) * 4), 4);
}
PrintAndLogEx(SUCCESS, "Preparing to clone NEDAP to " _YELLOW_("%s") " tag", cardtype);
@ -492,7 +492,7 @@ static int CmdLFNedapSim(const char *Cmd) {
arg_u64_0(NULL, "st", "<dec>", "optional - sub type (default 5)"),
arg_u64_1(NULL, "cc", "<dec>", "customer code (0-4095)"),
arg_u64_1(NULL, "id", "<dec>", "ID (0-99999)"),
arg_lit0("l", "long", "optional - long (128), default to short (64)"),
arg_lit0("l", "long", "optional - long (128), default to short (64)"),
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -502,20 +502,20 @@ static int CmdLFNedapSim(const char *Cmd) {
uint32_t id = arg_get_u32_def(ctx, 3, 0);
bool is_long = arg_get_lit(ctx, 4);
CLIParserFree(ctx);
if (sub_type > 0xF) {
PrintAndLogEx(FAILED, "out-of-range, valid subtype is between 0-15");
return PM3_EINVARG;
return PM3_EINVARG;
}
if (customer_code > 0xFFF) {
PrintAndLogEx(FAILED, "out-of-range, valid customer code is between 0-4095");
return PM3_EINVARG;
return PM3_EINVARG;
}
if (id > 99999) {
PrintAndLogEx(FAILED, "out-of-range, id max value is 99999");
return PM3_EINVARG;
return PM3_EINVARG;
}
PrintAndLogEx(SUCCESS, "NEDAP (%s) - ID: " _GREEN_("%05u") " subtype: " _GREEN_("%1u") " customer code: " _GREEN_("%u / 0x%03X")


@ -125,7 +125,7 @@ static int CmdLFPCF7931Config(const char *Cmd) {
}
if (pwd_len) {
memcpy(configPcf.Pwd, pwd, sizeof(configPcf.Pwd));
memcpy(configPcf.Pwd, pwd, sizeof(configPcf.Pwd));
}
if (delay != -1) {
configPcf.InitDelay = (delay & 0xFFFF);
@ -134,7 +134,7 @@ static int CmdLFPCF7931Config(const char *Cmd) {
configPcf.OffsetWidth = (ow & 0xFFFF);
}
if (op != 0xFFFF) {
configPcf.OffsetPosition =(op & 0xFFFF);
configPcf.OffsetPosition = (op & 0xFFFF);
}
pcf7931_printConfig();


@ -2806,7 +2806,7 @@ char *GetModelStrFromCID(uint32_t cid) {
}
char *GetConfigBlock0Source(uint8_t id) {
static char buf[40];
char *retStr = buf;


@ -129,7 +129,7 @@ typedef struct {
notSet = 0x00,
autoDetect = 0x01,
userSet = 0x02,
tagRead = 0x03,
tagRead = 0x03,
} block0Status;
enum {
RF_8 = 0x00,


@ -330,7 +330,7 @@ static int CmdTIWrite(const char *Cmd) {
arg_param_begin,
arg_str1("r", "raw", "<hex>", "raw hex data. 8 bytes max"),
arg_str0(NULL, "crc", "<hex>", "optional - crc"),
arg_param_end
arg_param_end
};
CLIExecWithReturn(ctx, Cmd, argtable, false);
@ -354,7 +354,7 @@ static int CmdTIWrite(const char *Cmd) {
payload.crc = bytes_to_num(crc, crc_len);
clearCommandBuffer();
SendCommandNG(CMD_LF_TI_WRITE, (uint8_t*)&payload, sizeof(payload));
SendCommandNG(CMD_LF_TI_WRITE, (uint8_t *)&payload, sizeof(payload));
PrintAndLogEx(SUCCESS, "Done");
PrintAndLogEx(HINT, "Hint: try " _YELLOW_("`lf ti reader`") " to verify");
return PM3_SUCCESS;


@ -109,7 +109,7 @@ uint32_t reflect32(uint32_t b) {
// swap bytes
v = ((v >> 8) & 0x00FF00FF) | ((v & 0x00FF00FF) << 8);
// swap 2-byte long pairs
v = ( v >> 16 ) | ( v << 16);
v = (v >> 16) | (v << 16);
return v;
}


@ -1082,8 +1082,8 @@ int DetectPSKClock(uint8_t *dest, size_t size, int clock, size_t *firstPhaseShif
if (g_debugMode == 2) prnt("DEBUG PSK: firstFullWave: %zu, waveLen: %d", firstFullWave, fullWaveLen);
// Avoid autodetect if user selected a clock
for(uint8_t validClk = 1; validClk < 8; validClk++) {
if(clock == clk[validClk]) return(clock);
for (uint8_t validClk = 1; validClk < 8; validClk++) {
if (clock == clk[validClk]) return (clock);
}
//test each valid clock from greatest to smallest to see which lines up


@ -38,7 +38,6 @@ Check column "offline" for their availability.
|`analyse nuid `|Y |`create NUID from 7byte UID`
|`analyse demodbuff `|Y |`Load binary string to demodbuffer`
|`analyse freq `|Y |`Calc wave lengths`
|`analyse foo `|Y |`muxer`
### data
@ -143,6 +142,7 @@ Check column "offline" for their availability.
|`hf 14a raw `|N |`Send raw hex data to tag`
|`hf 14a antifuzz `|N |`Fuzzing the anticollision phase. Warning! Readers may react strange`
|`hf 14a config `|N |`Configure 14a settings (use with caution)`
|`hf 14a apdufuzz `|N |`Fuzz APDU - CLA/INS/P1P2`
### hf 14b
@ -248,28 +248,29 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`hf iclass help `|Y |`This help`
|`hf iclass dump `|N |`[options..] Dump Picopass / iCLASS tag to file`
|`hf iclass info `|Y |` Tag information`
|`hf iclass list `|Y |` List iclass history`
|`hf iclass rdbl `|N |`[options..] Read Picopass / iCLASS block`
|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader`
|`hf iclass restore `|N |`[options..] Restore a dump file onto a Picopass / iCLASS tag`
|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
|`hf iclass wrbl `|N |`[options..] Write Picopass / iCLASS block`
|`hf iclass chk `|N |`[options..] Check keys`
|`hf iclass loclass `|Y |`[options..] Use loclass to perform bruteforce reader attack`
|`hf iclass lookup `|Y |`[options..] Uses authentication trace to check for key in dictionary file`
|`hf iclass sim `|N |`[options..] Simulate iCLASS tag`
|`hf iclass eload `|N |`[f <fn> ] Load Picopass / iCLASS dump file into emulator memory`
|`hf iclass esave `|N |`[f <fn> ] Save emulator memory to file`
|`hf iclass eview `|N |`[options..] View emulator memory`
|`hf iclass calcnewkey `|Y |`[options..] Calc diversified keys (blocks 3 & 4) to write new keys`
|`hf iclass encrypt `|Y |`[options..] Encrypt given block data`
|`hf iclass decrypt `|Y |`[options..] Decrypt given block data or tag dump file`
|`hf iclass managekeys `|Y |`[options..] Manage keys to use with iclass commands`
|`hf iclass permutekey `|N |` Permute function from 'heart of darkness' paper`
|`hf iclass view `|Y |`[options..] Display content from tag dump file`
|`hf iclass help `|Y |` This help`
|`hf iclass dump `|N |`[*] Dump Picopass / iCLASS tag to file`
|`hf iclass info `|Y |` Tag information`
|`hf iclass list `|Y |` List iclass history`
|`hf iclass rdbl `|N |`[*] Read Picopass / iCLASS block`
|`hf iclass reader `|N |` Act like an Picopass / iCLASS reader`
|`hf iclass restore `|N |`[*] Restore a dump file onto a Picopass / iCLASS tag`
|`hf iclass sniff `|N |` Eavesdrop Picopass / iCLASS communication`
|`hf iclass wrbl `|N |`[*] Write Picopass / iCLASS block`
|`hf iclass chk `|N |`[*] Check keys`
|`hf iclass loclass `|Y |`[*] Use loclass to perform bruteforce reader attack`
|`hf iclass lookup `|Y |`[*] Uses authentication trace to check for key in dictionary file`
|`hf iclass sim `|N |`[*] Simulate iCLASS tag`
|`hf iclass eload `|N |`[*] Load Picopass / iCLASS dump file into emulator memory`
|`hf iclass esave `|N |`[*] Save emulator memory to file`
|`hf iclass eview `|N |`[.] View emulator memory`
|`hf iclass calcnewkey `|Y |`[*] Calc diversified keys (blocks 3 & 4) to write new keys`
|`hf iclass encode `|Y |`[*] Encode binary wiegand to block 7`
|`hf iclass encrypt `|Y |`[*] Encrypt given block data`
|`hf iclass decrypt `|Y |`[*] Decrypt given block data or tag dump file`
|`hf iclass managekeys `|Y |`[*] Manage keys to use with iclass commands`
|`hf iclass permutekey `|N |` Permute function from 'heart of darkness' paper`
|`hf iclass view `|Y |`[*] Display content from tag dump file`
### hf legic
@ -577,10 +578,10 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`lf em help `|Y |`This help`
|`lf em 410x `|Y |`EM 410x commands...`
|`lf em 4x05 `|Y |`EM 4x05 commands...`
|`lf em 4x50 `|Y |`EM 4x50 commands...`
|`lf em 4x70 `|Y |`EM 4x70 commands...`
|`lf em 410x `|Y |`EM 4102 commands...`
|`lf em 4x05 `|Y |`EM 4205 / 4305 / 4369 / 4469 commands...`
|`lf em 4x50 `|Y |`EM 4350 / 4450 commands...`
|`lf em 4x70 `|Y |`EM 4070 / 4170 commands...`
### lf fdxb
@ -672,9 +673,9 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`lf indala help `|Y |`this help`
|`lf indala demod `|Y |`demodulate an indala tag (PSK1) from GraphBuffer`
|`lf indala altdemod `|Y |`alternative method to Demodulate samples for Indala 64 bit UID (option '224' for 224 bit)`
|`lf indala reader `|N |`read an Indala Prox tag from the antenna`
|`lf indala demod `|Y |`demodulate an Indala tag (PSK1) from GraphBuffer`
|`lf indala altdemod `|Y |`alternative method to demodulate samples for Indala 64 bit UID (option '224' for 224 bit)`
|`lf indala reader `|N |`read an Indala tag from the antenna`
|`lf indala clone `|N |`clone Indala tag to T55x7 or Q5/T5555`
|`lf indala sim `|N |`simulate Indala tag`
@ -686,10 +687,10 @@ Check column "offline" for their availability.
|command |offline |description
|------- |------- |-----------
|`lf io help `|Y |`this help`
|`lf io demod `|Y |`demodulate an IOProx tag from the GraphBuffer`
|`lf io demod `|Y |`demodulate an ioProx tag from the GraphBuffer`
|`lf io reader `|N |`attempt to read and extract tag data`
|`lf io clone `|N |`clone IOProx tag to T55x7 or Q5/T5555`
|`lf io sim `|N |`simulate IOProx tag`
|`lf io clone `|N |`clone ioProx tag to T55x7 or Q5/T5555`
|`lf io sim `|N |`simulate ioProx tag`
|`lf io watch `|N |`continuously watch for cards. Reader mode`
@ -1001,7 +1002,7 @@ Check column "offline" for their availability.
|------- |------- |-----------
|`wiegand help `|Y |`This help`
|`wiegand list `|Y |`List available wiegand formats`
|`wiegand encode `|Y |`Encode to wiegand raw hex`
|`wiegand decode `|Y |`Convert raw hex to decoded wiegand format`
|`wiegand encode `|Y |`Encode to wiegand raw hex (currently for HID Prox)`
|`wiegand decode `|Y |`Convert raw hex to decoded wiegand format (currently for HID Prox)`


@ -426,6 +426,12 @@ Note: it seems some cards only accept the "change UID" command.
It accepts direct read of block0 (and only block0) without prior auth.
Writing to block 0 has some side-effects:
* It changes also the UID. Changing the UID *does not* change block 0.
* ATQA and SAK bytes are automatically replaced by fixed values.
* On 4-byte UID cards, BCC byte is automatically corrected.
### Characteristics
* UID: 4b and 7b versions
@ -452,6 +458,8 @@ Equivalent:
```
# change just UID:
hf 14a raw -s -c -t 2000 90FBCCCC07 11223344556677
# read block0:
hf 14a raw -s -c 3000
# write block0:
hf 14a raw -s -c -t 2000 90F0CCCC10 041219c3219316984200e32000000000
# lock (uid/block0?) forever: